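#!/bin/sh
#
# Build the base iptables chain skeleton.
#
# Steps:
#   1. flush all rules and delete all user-defined chains in filter/nat/mangle
#   2. create the user-defined chains (DEBUG, PROXYSERVER, PROXYDELEGATED,
#      ADMINRANGE, SNMP, APPLY, USERFILTER, DISABLED, USERDNAT, ANTIVIRUS,
#      froxdnat, USERSNAT, froxsnat) and hook them into INPUT, FORWARD,
#      PREROUTING and POSTROUTING
#   3. add a few baseline ACCEPT rules (established/related traffic, ping,
#      ICMP time-exceeded, DHCP broadcast)
#
# Other scripts are expected to populate the chains created here; this one
# only lays out the skeleton.
#
# NOTE: --flush does not reset chain policies, and the "-P INPUT DROP" line
# below is commented out, so INPUT and FORWARD keep whatever policy the
# kernel already has (ACCEPT unless something else changed it). Traffic that
# none of the user-defined chains handles is therefore accepted.
#
# Exit status: 0 when every iptables call succeeded, 1 when the iptables
# binary is missing or at least one call failed (all calls are still
# attempted so a single failure does not leave the rest of the skeleton
# unbuilt).

/bin/echo "Prepare net rules ............."
IPTABLES="/usr/local/bin/iptables"

# Without this check a missing binary makes every line below fail with
# "not found" while the script still exits 0.
if [ ! -x "$IPTABLES" ]; then
  /bin/echo "$0: $IPTABLES not found or not executable" >&2
  exit 1
fi

# Number of failed iptables calls; reported via the exit status at the end.
failures=0

# Run one iptables command. iptables prints its own diagnostic on stderr;
# we only record that something failed so the caller can tell.
ipt() {
  "$IPTABLES" "$@" || failures=$((failures + 1))
}

# flush rules (policies are NOT touched by --flush)
ipt --flush
ipt -t nat --flush
ipt -t mangle --flush
ipt -X
ipt -t nat -X
ipt -t mangle -X

# Unlimited traffic on the loopback interface
#ipt -A INPUT  -i lo -j ACCEPT

# Set the default policy to drop
#ipt -P INPUT DROP

# INPUT rules: each user-defined chain is created and then jumped to from
# INPUT, in this order. A chain that does not terminate with a verdict
# returns to INPUT and the next chain is consulted.
ipt -N DEBUG
ipt -A INPUT -j DEBUG

ipt -N PROXYSERVER
ipt -A INPUT -j PROXYSERVER

ipt -N PROXYDELEGATED
ipt -A INPUT -j PROXYDELEGATED

ipt -N ADMINRANGE
ipt -A INPUT -j ADMINRANGE

ipt -N SNMP
ipt -A INPUT -j SNMP

ipt -N APPLY
ipt -A INPUT -j APPLY

# Replies to connections this host opened
ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# ICMP type 8 = echo-request (ping), type 11 = time-exceeded (traceroute)
ipt -A INPUT -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
ipt -A INPUT -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
# DHCP broadcast (bootps/bootpc)
ipt -A INPUT -p UDP -d 255.255.255.255 --destination-port 67:68 -j ACCEPT

# FORWARD rules
#ipt -N DEBUG
#ipt -A FORWARD -j DEBUG

#ipt -N USERPOLICY
#ipt -A FORWARD -j USERPOLICY

ipt -N USERFILTER
ipt -A FORWARD -j USERFILTER

#ipt -N ANTIATTACK
#ipt -A FORWARD -j ANTIATTACK

ipt -N DISABLED
ipt -A FORWARD -j DISABLED

ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Bridge

# PREROUTING (nat table)
ipt -t nat -N USERFILTER
ipt -t nat -A PREROUTING -j USERFILTER

#ipt -t nat -N USERPOLICY
#ipt -t nat -A PREROUTING -j USERPOLICY

ipt -t nat -N USERDNAT
ipt -t nat -A PREROUTING -j USERDNAT

ipt -t nat -N ANTIVIRUS
ipt -t nat -A PREROUTING -j ANTIVIRUS

ipt -t nat -N froxdnat
ipt -t nat -A PREROUTING -j froxdnat

# POSTROUTING (nat table)
ipt -t nat -N USERSNAT
ipt -t nat -A POSTROUTING -j USERSNAT

ipt -t nat -N froxsnat
ipt -t nat -A POSTROUTING -j froxsnat

#MSN: iptables -t nat -A PREROUTING -p tcp --destination-port 1863 -j REDIRECT --to-ports 16667
#ICQ/AIM: iptables -t nat -A PREROUTING -p tcp --destination-port 5190 -j REDIRECT --to-ports 16667
#Yahoo: iptables -t nat -A PREROUTING -p tcp --destination-port 5050 -j REDIRECT --to-ports 16667
#IRC: iptables -t nat -A PREROUTING -p tcp --destination-port 6667 -j REDIRECT --to-ports 16667
#Gadu-Gadu: iptables -t nat -A PREROUTING -p tcp --destination-port 8074 -j REDIRECT --to-ports 16667

if [ "$failures" -ne 0 ]; then
  /bin/echo "$0: $failures iptables command(s) failed" >&2
  exit 1
fi
exit 0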